'use strict';

exports.fields = {
  account: 'required|string',
  password: 'required|password',
  // name: 'string',
  // phoneNumber: 'mobile',
  // roleIds: 'required|array',
  // creatorId: 'objectId',
};

exports.update = {
  privacy: [ 'password' ],
  async beforeHook() {
    const { ctx, app } = this;
    const operator = ctx.user;
    const delUser = await app.getModel('user').findById(ctx.params._id);
    if (delUser.account === 'super') ctx.throwBizError('超管用户不允许编辑');
    if (operator.account !== 'super') ctx.throwBizError('仅允许超管编辑用户');
  },
};

exports.destory = {
  privacy: [ 'password' ],
  async beforeHook() {
    const { ctx, app } = this;
    const operator = ctx.user;
    const delUser = await app.getModel('user').findById(ctx.params._id);
    if (delUser.account === 'super') ctx.throwBizError('超管用户不允许删除');
    if (operator.account !== 'super') ctx.throwBizError('仅允许超管删除用户');
  },
};

exports.zhName = '用户';
